{"id":16314,"date":"2026-06-03T10:06:01","date_gmt":"2026-06-03T10:06:01","guid":{"rendered":"https:\/\/newestek.com\/?p=16314"},"modified":"2026-06-03T10:06:01","modified_gmt":"2026-06-03T10:06:01","slug":"ai-may-finally-unlock-the-cyber-budgets-cisos-have-wanted-for-years","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=16314","title":{"rendered":"AI may finally unlock the cyber budgets CISOs have wanted for years"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

For nearly two decades, cybersecurity leaders have faced the same reality: No matter how catastrophic the latest breach, ransomware attack, or nation-state intrusion, security spending often struggled against competition with every other business priority.<\/p>\n

AI may finally be changing that equation.<\/p>\n

The rapid emergence of frontier AI systems capable of autonomous cyber operations \u2014 combined with the spread of agentic AI inside enterprises \u2014 has created something security leaders rarely enjoy: urgency at the board level.<\/p>\n

That urgency was unmistakable at the recent SANS AI Cyber Summit<\/a> in Washington, DC, where former deputy national security adviser Anne Neuberger<\/a> urged security leaders to capitalize on the moment.<\/p>\n

\u201cWe have a moment in time now where the knowledge of how LLMs are enabling attacks \u2026 [means] let\u2019s change the culture, let\u2019s operate with speed,\u201d Neuberger said during a keynote address.<\/p>\n

Her comments came just days after Bain & Co. warned<\/a> that many organizations may need to double or even triple cybersecurity investments to prepare for the operational challenges created by advanced AI systems such as Anthropic\u2019s Mythos<\/a>.<\/p>\n

\u201cWhat I\u2019m seeing is very refreshing,\u201d Nate Rollings<\/a>, CISO at threat exposure management vendor Zafran Security, told attendees at the recent CSO Cybersecurity Awards and Conference<\/a> in Nashville.<\/p>\n

\u201cOver the last couple years, we\u2019ve seen these budgets for the business and IT to adopt AI \u2026 to drive revenue-generating activity,\u201d he noted. \u201cBecause of Mythos and Glasswing, there\u2019s been this realization that we haven\u2019t enabled AI as much as we need to in security.\u201d As a result, \u201cwe\u2019re seeing this buy-in from the top down to say, \u2018Listen, we need to increase some of the budget so we can use AI within security in response to AI threats.\u201d<\/p>\n

For many CISOs, the convergence feels less like another hype cycle than a structural shift \u2014 especially as organizations rapidly deploy autonomous systems that security teams barely understand how to govern<\/a>.<\/p>\n

How AI is expanding enterprise risk<\/h2>\n

With the rapid adoption of AI agents, organizations are creating a new operational layer across their enterprises. These systems are increasingly capable of making decisions<\/a>, initiating actions, accessing sensitive systems, and interacting with other software at machine speed with minimal human oversight.<\/p>\n

\u201cAgentic AI is operating in ways we have not seen before in business,\u201d Diana Kelley<\/a>, CISO at Noma Security, tells CSO. \u201cWe\u2019re now protecting a decision and automation layer with AI because agentic AI is making decisions.\u201d<\/p>\n

Bernard Brantley<\/a>, CISO at Corelight, tells CSO that AI is exposing years of accumulated technical debt<\/a> by collapsing operational boundaries that security teams once relied on to isolate systems, data, and identity domains.<\/p>\n

\u201cI\u2019ve got a single potential agent that can go interact with all 50 interfaces available in the company in a sub-second,\u201d he says. \u201cNow we have to think about how much and how widely it proliferates.\u201d<\/p>\n

\u201cIf we said every person in the company now has three agents, we\u2019re now three orders of magnitude bigger in the landscape that we need to go secure,\u201d Brantley adds.<\/p>\n

Existing security architectures were built for human-driven systems, not autonomous agents operating continuously at machine speed, forcing organizations to rethink identity management<\/a>, monitoring, behavioral controls<\/a>, and boundaries around AI systems.<\/p>\n

\u201cYou have to monitor it,\u201d Kyle Lai<\/a>, president and CISO of KLC Consulting, tells CSO. \u201cIf it starts misbehaving, capture it just like a human account.\u201d<\/p>\n

Security leaders say one of the biggest emerging challenges is visibility<\/a>. Many organizations still lack reliable ways to monitor what AI agents are accessing, what decisions they are making, which systems they are interacting with, and whether those actions remain aligned with corporate policy over time.<\/p>\n

Unlike traditional software, autonomous agents can dynamically chain together actions across multiple enterprise systems, making it significantly harder for security teams to predict behavior or constrain access using conventional privilege models.<\/p>\n

Lai says organizations increasingly recognize that AI agents require the same identity, logging, auditing, and behavioral controls historically applied to employees and privileged users.<\/p>\n

At the same time, AI is accelerating operational risk elsewhere inside enterprises. AI-assisted coding systems, for example, are enabling developers to generate enormous amounts of software quickly \u2014 but often without fully understanding the resulting security implications<\/a>.<\/p>\n

Risk is accelerating faster than security teams can adapt<\/h2>\n

Security leaders say generative coding systems are compressing development cycles faster than many organizations\u2019 existing security review processes can realistically keep pace.<\/p>\n

Developers are increasingly deploying AI-generated code they may not fully understand, potentially introducing vulnerabilities, insecure dependencies, authentication flaws, and configuration errors into production environments at scale.<\/p>\n

\u201cAI is generating a lot of code,\u201d Lai says. \u201cIf you don\u2019t manage the vulnerabilities generated by the AI, then it\u2019s going to create more issues because now you\u2019re creating all these vulnerabilities.\u201d<\/p>\n

The operational implications are forcing many organizations to rethink cybersecurity less as a defensive IT function and more as a governance layer for autonomous enterprise systems.<\/p>\n

That shift is helping elevate cybersecurity discussions into broader conversations surrounding AI adoption, operational resilience, workforce automation, and business risk.<\/p>\n

Enterprise leaders are listening in ways they rarely have before<\/h2>\n

AI is also changing C-suite and boardroom behavior.<\/p>\n

For years, many security leaders struggled to persuade boards that cyber risk represented a strategic business issue rather than simply an IT expense.<\/p>\n

\u201cWe often talk about culture as a defense mechanism to change,\u201d Neuberger said at the SANS summit. \u201cWhat we\u2019re also seeing is suddenly CEOs talking about LLMs, talking about projects, and concerned about cybersecurity. That\u2019s a massive change.\u201d<\/p>\n

That attention matters because security spending has historically surged only when cyber risk becomes tied to broader business transformation.<\/p>\n

AI now sits at the center of boardroom conversations about competitiveness, automation, workforce productivity, and digital strategy, giving CISOs a rare opportunity to frame cybersecurity as an operational prerequisite for safe AI adoption.<\/p>\n

However, Brantley believes security leaders should resist fear-based messaging and instead position cybersecurity as a business enabler<\/a>. \u201cThe increase in cyber budget should actually be oriented toward delivering business value with respect to the current or strategic AI goal,\u201d he says. \u201cThere\u2019s no way to address things at the speed of AI without using AI.\u201d<\/p>\n

And what that often means is spending more on AI to tackle AI challenges. \u201cI think [the increased spend] is going to be a blend of, say, 10 new people who are well-versed in this AI problem and potentially a contractor or a vendor who\u2019s got a solution there, and then I will spend the money on the AI tokens to get to that answer.\u201d<\/p>\n

The most effective leader-level pitch may be that cybersecurity is becoming the operational foundation that allows organizations to scale AI safely without losing visibility, governance, or control.<\/p>\n

\u201cData poisoning, indirect prompt injection, agents taking rogue actions \u2014 that\u2019s all part of the risk conversation at an organization,\u201d Kelley says. \u201cThis is a risk conversation about how the business is making decisions.\u201d<\/p>\n

Budget requests need a business case<\/h2>\n

Not everyone believes AI will trigger a cyber spending boom.<\/p>\n

Ian Thornton-Trump<\/a>, CISO at Inversion6, warns that some organizations risk treating AI as a catch-all justification for spending without clearly articulating underlying business risks.<\/p>\n

\u201cI think waving the flag of AI is the wrong answer,\u201d Thornton-Trump says. \u201cI would be laughing as an executive at a company if somebody came to me and said, \u2018I want to spend a ton of money on AI for cyber.\u2019\u201d<\/p>\n

Thornton-Trump argues that boards continue to balance cybersecurity against a long list of competing strategic concerns, including geopolitical instability, climate risk, fraud, supply chain disruption, and rising operational costs.<\/p>\n

\u201cAsk for more money, but have a plan,\u201d he says. \u201cEspecially a plan that incorporates the fact that you\u2019re not going to get everything you ask for.\u201d<\/p>\n

The debate, in other words, isn\u2019t really about whether to spend \u2014 it\u2019s about whether security leaders can articulate why clearly enough to be heard.<\/p>\n

Whether the advent of AI is enough to boost budgets, it\u2019s clear that frontier AI, autonomous enterprise systems, and executive fear of falling behind competitors have suddenly aligned cybersecurity with core business strategy.<\/p>\n

The result would be the most significant shift in enterprise security spending since the rise of cloud computing \u2014 not because leaders suddenly fear cyberattacks more, but because they increasingly view cybersecurity as the operational foundation that makes large-scale AI adoption possible.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

For nearly two decades, cybersecurity leaders have faced the same reality: No matter how catastrophic the latest breach, ransomware attack, or nation-state intrusion, security spending often struggled against competition with every other business priority. AI may finally be changing that equation. The rapid emergence of frontier AI systems capable of autonomous cyber operations \u2014 combined with the spread of agentic AI inside enterprises \u2014 has… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-16314","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16314","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16314"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16314\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16314"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16314"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16314"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}